Shawn Merdinger gave a presentation on his personal research project covering the security of VoIP WiFi phones. For his initial investigation he is employing a “level one” methodology. These would be attacks from a low to medium skilled hacker, a hacker’s “first look” at the device: looking for open ports, finding developer left-overs, and misusing features. One thing that was common across all phones is how easily they succumb to DOS attacks. He talked about the issues with several specific phones. Many left open port 17185, which is the VxWorks database debug port. The favorite was the Clipcomm CPW-100E which provides unauthenticated access to debugging accounts letting you read call logs and even place calls, turning it into a remote listening device. You can hear Shawn talk about his project on Blue Box Podcast #13. Blue Box also has a copy of Shawn’s detailed slides. Here’s a list of the new phone security threats released a Shmoocon.
dose any one know how to hack past a privacy code on the t-mobile side kick 2. It’s only a 3 digt code. Get back to me a trevor97220@aol.com
If it’s just numeric it might be easiest to just brute force it.
The new Linksys SPA WiFi phones are relatively secure, 17185 was not open on default settings.
http://www.voiplink.com/Linksys_WIP300_p/linksys-wip300.htm
http://www.voiplink.com/Linksys_WIP330_p/linksys-wip330.htm